DHCP协议工作过程
由于在IP地址动态获取过程中采用广播方式发送报文,因此要求DHCP客户端和服务器位于同一个网段内。如果DHCP客户端和DHCP服务器位于不同的网段,则需要通过DHCP中继来中继转发DHCP报文。
通过DHCP中继完成动态配置的过程中,客户端与服务器的处理方式与不通过DHCP中继时的处理方式基本相同。下面仅以DHCP客户端与DHCP服务器在同一网段的情况为例,说明DHCP协议的工作过程。
 
 
为了动态获取并使用一个合法的IP地址,需要经历以下几个阶段:
(1)        发现阶段:即DHCP客户端寻找DHCP服务器的阶段。
(2)        提供阶段:即DHCP服务器提供IP地址的阶段。
(3)        选择阶段:即DHCP客户端选择某台DHCP服务器提供的IP地址的阶段。
(4)        确认阶段:即DHCP服务器确认所提供的IP地址的阶段。
 
 

 
【组网情况】
  SW5--E0/4/5-----------------------------E0/4/0--R5
 
  SW5作为DHCP服务器  R5与SW5相连的口都在vlan5中
SW5的主要配置:
#
dhcp server ip-pool 5
 network 192.168.50.0 mask 255.255.255.0
 gateway-list 192.168.50.10
#
interface Vlan-interface5
 ip address 192.168.50.10 255.255.255.0
 
R5的主要配置:
#
interface Vlan-interface5
 ip address dhcp-alloc
 
【实验需求】
 
将R5和SW5互联的口先shutdown   然后再R5主SW5上都开启debugging dhcp ,再开启互联口,观察服务器和客户端的信息。
 
 
 
 
 
 
【客户端debugging信息】
<R5>
%Mar 11 11:45:11:00 2013 R5 IFNET/4/LINK UPDOWN:
 Ethernet0/4/0: link status is DOWN 
%Mar 11 11:45:11:00 2013 R5 IFNET/4/LINK UPDOWN:
 Vlan-interface5: link status is DOWN 
%Mar 11 11:45:11:15 2013 R5 IFNET/4/UPDOWN:
 Line protocol on the interface Vlan-interface5 is DOWN 
*Mar 11 11:45:11:15 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Move to HALT state.
*Mar 11 11:45:11:31 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Send a Dhcp packet...
  Head : op(BOOTPREQUEST); htype(ETHERNET); hlen(6); xid(0x37890204);    op:报文的操作类型,分为请求报文和响应报文,1为请求报文;2为响应报文。  htype:硬件地址类型。   hlen:硬件地址长度。系统目前只对以太网支持,硬件地址长度固定为6。   xid:由客户端软件产生的随机数,用于匹配请求和应答报文。
    ciaddr(192.168.50.1); yiaddr(0.0.0.0); chaddr(00e0-fc00-0501);      ciaddr:DHCP客户端的IP地址。(这里有地址有是因为刚刚已经获得了)      yiaddr:DHCP服务器分配给客户端的IP地址。
  Options : 
    63 82 53 63 35 01 07 36 04 C0 A8 32 0A 3D 1F 00 
    30 30 65 30 2E 66 63 30 30 2E 30 35 30 31 2D 56 
    6C 61 6E 2D 69 6E 74 65 72 66 61 63 65 35 FF 
 
*Mar 11 11:45:11:31 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Sending DHCPRELEASE packet succeeded. 发送DHCP释放报文
*Mar 11 11:45:11:31 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: FSM state transfer(BOUND-->HALT) successfully.
%Mar 11 11:45:39:547 2013 R5 IFNET/4/LINK UPDOWN:
 Ethernet0/4/0: link status is UP 
%Mar 11 11:45:39:562 2013 R5 IFNET/4/LINK UPDOWN:
 Vlan-interface5: link status is UP 
%Mar 11 11:45:39:562 2013 R5 IFNET/4/UPDOWN:
 Line protocol on the interface Vlan-interface5 is UP 
在接口起来后,需要经过如下四个阶段才能获取到IP
 
 
*Mar 11 11:45:39:562 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Move to INIT state.
*Mar 11 11:45:39:562 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: FSM state transfer(HALT-->INIT) successfully.    
*Mar 11 11:45:39:562 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Send DHCPDISCOVER in 10000 ms.
*Mar 11 11:45:47:234 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Send a Dhcp packet...
  Head : op(BOOTPREQUEST); htype(ETHERNET); hlen(6); xid(0xc96419d); 
    ciaddr(0.0.0.0); yiaddr(0.0.0.0); chaddr(00e0-fc00-0501); 
  Options : 
    63 82 53 63 35 01 01 0C 02 52 35 32 04 C0 A8 32 
    01 37 05 01 03 06 0F 2B 39 02 04 80 3C 0C 48 33 
    43 2E 20 53 49 4D 57 41 52 45 3D 1F 00 30 30 65 
    30 2E 66 63 30 30 2E 30 35 30 31 2D 56 6C 61 6E 
    2D 69 6E 74 65 72 66 61 63 65 35 FF 
 
*Mar 11 11:45:47:234 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Sending DHCPDISCOVER packet succeeded.     //在发现阶段,DHCP客户端通过发送DHCP-DISCOVER报文来寻找DHCP服务器。广播方式发送
*Mar 11 11:45:47:234 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: FSM state transfer(INIT-->SELECTING) successfully.
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Receive a packet.
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Receive a DHCP packet...                      收到一个服务器的回包 //如果有多台DHCP服务器向DHCP客户端回应DHCP-OFFER报文,则DHCP客户端只接受第一个收到的DHCP-OFFER报文。然后以广播方式发送DHCP-REQUEST请求报文,该报文中包含Option 54(服务器标识选项),即它选择的DHCP服务器的IP地址信息。
 
 
  Head : op(BOOTPREPLY); htype(ETHERNET); hlen(6); xid(0xc96419d); 
    ciaddr(0.0.0.0); yiaddr(192.168.50.1); chaddr(00e0-fc00-0501); 
  Option : type(DHCPOFFER); mask(255.255.255.0); lease(86400); 
    T1(43200); T2(75600); server(192.168.50.10); default router(192.168.50.10); 
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Select 192.168.50.10 as the server.     将192.168.50.10 设置为DHCP服务器  //网络中接收到DHCP-DISCOVER报文的DHCP服务器,会选择一个合适的IP地址,连同IP地址租约期限和其他配置信息(如网关地址,域名服务器地址等)一同通过DHCP-OFFER报文发送给DHCP客户端。
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Send a Dhcp packet...
  Head : op(BOOTPREQUEST); htype(ETHERNET); hlen(6); xid(0xc96419d); 
    ciaddr(0.0.0.0); yiaddr(0.0.0.0); chaddr(00e0-fc00-0501); 
  Options : 
    63 82 53 63 35 01 03 0C 02 52 35 32 04 C0 A8 32 
    01 36 04 C0 A8 32 0A 37 05 01 03 06 0F 2B 39 02 
    04 80 3C 0C 48 33 43 2E 20 53 49 4D 57 41 52 45 
    3D 1F 00 30 30 65 30 2E 66 63 30 30 2E 30 35 30 
    31 2D 56 6C 61 6E 2D 69 6E 74 65 72 66 61 63 65 
    35 FF 
 
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Sending DHCPREQUEST packet succeeded.
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: FSM state transfer(SELECTING-->REQUESTING) successfully.
*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Receive a packet.
*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Receive a DHCP packet...
  Head : op(BOOTPREPLY); htype(ETHERNET); hlen(6); xid(0xc96419d); 
    ciaddr(0.0.0.0); yiaddr(192.168.50.1); chaddr(00e0-fc00-0501); 
  Option : type(DHCPACK); mask(255.255.255.0); lease(86400); 
    T1(43200); T2(75600); server(192.168.50.10); default router(192.168.50.10); 
*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Begin to detect IP address conflict via ARP.     开始检测是否有IP地址冲突  //DHCP客户端收到DHCP服务器返回的DHCP-ACK确认报文后,会以广播的方式发送免费ARP报文,探测是否有主机使用服务器分配的IP地址,如果在规定的时间内没有收到回应,客户端才使用此地址。否则,客户端会发送DHCP-DECLINE报文给DHCP服务器,通知DHCP服务器该地址不可用,并重新申请IP地址。
 
*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Sending arp request for address(192.168.50.1) succeeded.
*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Move to BOUND state in 1500 milliseconds if no arp reply is received.
*Mar 11 11:45:48:844 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Receive no arp reply for 192.168.50.1, begin to use the address.
*Mar 11 11:45:48:844 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: FSM state transfer(REQUESTING-->BOUND) successfully.  
*Mar 11 11:45:48:844 2013 R5 DHCPC/7/DHCP_Client:
  Vlan-interface5: Sending arp request for address(192.168.50.10) succeeded.
<R5>
<R5>
<R5>
 
 
 
【服务器debugging信息】
 
 Checking for expired lease.
<SW5>sy
System View: return to User View with Ctrl+Z.
[SW5]int e0/4/5
[SW5-Ethernet0/4/5]shut
*Mar 11 11:45:11:235 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
 Checking for expired lease.
[SW5-Ethernet0/4/5]
%Mar 11 11:45:11:313 2013 SW5 IFNET/4/LINK UPDOWN:
 Ethernet0/4/5: link status is DOWN 
%Mar 11 11:45:11:328 2013 SW5 IFNET/4/LINK UPDOWN:
 Vlan-interface5: link status is DOWN 
%Mar 11 11:45:11:328 2013 SW5 IFNET/4/UPDOWN:
 Line protocol on the interface Vlan-interface5 is DOWN 
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]
*Mar 11 11:45:26:110 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
 Checking for expired lease.
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]undo shut
[SW5-Ethernet0/4/5]
%Mar 11 11:45:39:860 2013 SW5 IFNET/4/LINK UPDOWN:
 Ethernet0/4/5: link status is UP 
%Mar 11 11:45:39:875 2013 SW5 IFNET/4/LINK UPDOWN:
 Vlan-interface5: link status is UP 
%Mar 11 11:45:39:875 2013 SW5 IFNET/4/UPDOWN:
 Line protocol on the interface Vlan-interface5 is UP 
[SW5-Ethernet0/4/5]
*Mar 11 11:45:41:00 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
 Checking for expired lease.
*Mar 11 11:45:47:578 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Receive DHCPDISCOVER from 00e0.fc00.0501-Vlan-interface5.    //网络中接收到DHCP-DISCOVER报文的DHCP服务器,会选择一个合适的IP地址,连同IP地址租约期限和其他配置信息(如网关地址,域名服务器地址等)一同通过DHCP-OFFER报文发送给DHCP客户端。
DHCP服务器通过地址池保存可供分配的IP地址和其他配置信息。当DHCP服务器接收到DHCP请求报文后,将从IP地址池中取得空闲的IP地址及其他的参数,发送给DHCP客户端。
 
 
*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:
Rx, interface Vlan-interface5         
    Message type: request        
    Hardware type: 1, Hardware address length: 6        
    Hops: 0, Transaction ID: 2638321164        
    Seconds: 0, Broadcast flag: 0        
    Client IP address: 0.0.0.0   Your IP address: 0.0.0.0        
    Server IP address: 0.0.0.0   Relay agent IP address: 0.0.0.0        
    Client hardware address: 00e0-fc00-0501        
    Server host name: Not Configured, Boot file name: Not Configured        
    DHCP message type: DHCP Discover
 
*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Find the lease successfully.
*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Assign Used Lease from global pool.
*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Requesting security module(s) to delete a security entry (192.168.50.1 00e0-fc00-0501) succeeded.
*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Sending ICMP ECHOREQUEST to target IP: 192.168.50.1.          //DHCP服务器为客户端分配IP地址时,服务器首先需要确认所分配的IP没有被网络上的其他设备所使用。DHCP服务器通过发送ICMP Echo Request(ping)报文对分配的IP进行探测。如果在规定的时间内没有应答,那么服务器就会再次发送ping报文。到达规定的次数后,如果仍没有应答,则所分配的IP地址可用。否则将探测的IP地址记录为冲突地址,并重新选择IP地址进行分配。
*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: ICMP Timeout!      Ping 超时
*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: ICMP detecting finished. The target IP can be used for dhcp allocation.
*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:
Tx, interface Vlan-interface5         
    Message type: reply        
    Hardware type: 1, Hardware address length: 6        
    Hops: 0, Transaction ID: 2638321164        
    Seconds: 0, Broadcast flag: 0        
    Client IP address: 0.0.0.0   Your IP address: 192.168.50.1     你的IP是   192.168.50.1  
    Server IP address: 0.0.0.0   Relay agent IP address: 0.0.0.0        
    Client hardware address: 00e0-fc00-0501        
    Server host name: Not Configured, Boot file name: Not Configured        
    DHCP message type: DHCP Offer
 
*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DhcpServer: Send DHCPOFFER to 00e0.fc00.0501-Vlan-interface5 Offer IP=> 192.168.50.1.  发送dhcp offer报文
*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Receive DHCPREQUEST from 00e0.fc00.0501-Vlan-interface5.
*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:
Rx, interface Vlan-interface5         
    Message type: request        
    Hardware type: 1, Hardware address length: 6        
    Hops: 0, Transaction ID: 2638321164        
    Seconds: 0, Broadcast flag: 0        
    Client IP address: 0.0.0.0   Your IP address: 0.0.0.0        
    Server IP address: 0.0.0.0   Relay agent IP address: 0.0.0.0        
    Client hardware address: 00e0-fc00-0501        
    Server host name: Not Configured, Boot file name: Not Configured        
    DHCP message type: DHCP Request
 
*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Acknowledge the DHCPREQUEST message!       收到DHCP客户端发送的DHCP-REQUEST请求报文  客户端以广播方式发送DHCP-REQUEST请求报文,是为了通知所有的DHCP服务器,它将选择Option 54中标识的DHCP服务器提供的IP地址,其他DHCP服务器可以重新使用曾提供的IP地址。
*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:
Tx, interface Vlan-interface5         
    Message type: reply        
    Hardware type: 1, Hardware address length: 6        
    Hops: 0, Transaction ID: 2638321164        
    Seconds: 0, Broadcast flag: 0        
    Client IP address: 0.0.0.0   Your IP address: 192.168.50.1        
    Server IP address: 0.0.0.0   Relay agent IP address: 0.0.0.0        
    Client hardware address: 00e0-fc00-0501        
    Server host name: Not Configured, Boot file name: Not Configured        
    DHCP message type: DHCP Ack
 
*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DhcpServer: Send DHCPACK to 00e0.fc00.0501-Vlan-interface5 Offer IP=> 192.168.50.1.  收到DHCP客户端发送的DHCP-REQUEST请求报文后,DHCP服务器根据DHCP-REQUEST报文中携带的MAC地址来查找有没有相应的租约记录。如果有,则发送DHCP-ACK报文作为应答,通知DHCP客户端可以使用分配的IP地址。
*Mar 11 11:45:48:00 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Requesting security module(s) to add a security entry (192.168.50.1 00e0-fc00-0501) succeeded.
*Mar 11 11:45:56:328 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
 Checking for expired lease.
*Mar 11 11:46:11:141 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
 Checking for expired lease.
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]
*Mar 11 11:46:26:875 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
 Checking for expired lease.
*Mar 11 11:46:42:188 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
 Checking for expired lease.
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]
*Mar 11 11:46:57:360 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
 
 
 
综 上:
 
1. 发现阶段
在发现阶段,DHCP客户端通过发送DHCP-DISCOVER报文来寻找DHCP服务器。
由于DHCP服务器的IP地址对于客户端来说是未知的,所以DHCP客户端以广播方式发送DHCP-DISCOVER报文。所有收到DHCP-DISCOVER报文的DHCP服务器都会发送回应报文,DHCP客户端据此可以知道网络中存在的DHCP服务器的位置。
 
2. 提供阶段
网络中接收到DHCP-DISCOVER报文的DHCP服务器,会选择一个合适的IP地址,连同IP地址租约期限和其他配置信息(如网关地址,域名服务器地址等)一同通过DHCP-OFFER报文发送给DHCP客户端。
DHCP服务器通过地址池保存可供分配的IP地址和其他配置信息。当DHCP服务器接收到DHCP请求报文后,将从IP地址池中取得空闲的IP地址及其他的参数,发送给DHCP客户端。
DHCP服务器为客户端分配IP地址的优先次序如下:
(1)        与客户端MAC地址或客户端ID静态绑定的IP地址;
(2)        DHCP服务器记录的曾经分配给客户端的IP地址;
(3)        客户端发送的DHCP-DISCOVER报文中Option 50字段指定的IP地址;
(4)        在DHCP地址池中,顺序查找可供分配的IP地址,最先找到的IP地址;
(5)        如果未找到可用的IP地址,则依次查询租约过期、曾经发生过冲突的IP地址,如果找到则进行分配,否则将不予处理。
DHCP服务器为客户端分配IP地址时,服务器首先需要确认所分配的IP没有被网络上的其他设备所使用。DHCP服务器通过发送ICMP Echo Request(ping)报文对分配的IP进行探测。如果在规定的时间内没有应答,那么服务器就会再次发送ping报文。到达规定的次数后,如果仍没有应答,则所分配的IP地址可用。否则将探测的IP地址记录为冲突地址,并重新选择IP地址进行分配。
 
3. 选择阶段
如果有多台DHCP服务器向DHCP客户端回应DHCP-OFFER报文,则DHCP客户端只接受第一个收到的DHCP-OFFER报文。然后以广播方式发送DHCP-REQUEST请求报文,该报文中包含Option 54(服务器标识选项),即它选择的DHCP服务器的IP地址信息。
以广播方式发送DHCP-REQUEST请求报文,是为了通知所有的DHCP服务器,它将选择Option 54中标识的DHCP服务器提供的IP地址,其他DHCP服务器可以重新使用曾提供的IP地址。
 
4. 确认阶段
收到DHCP客户端发送的DHCP-REQUEST请求报文后,DHCP服务器根据DHCP-REQUEST报文中携带的MAC地址来查找有没有相应的租约记录。如果有,则发送DHCP-ACK报文作为应答,通知DHCP客户端可以使用分配的IP地址。
DHCP客户端收到DHCP服务器返回的DHCP-ACK确认报文后,会以广播的方式发送免费ARP报文,探测是否有主机使用服务器分配的IP地址,如果在规定的时间内没有收到回应,客户端才使用此地址。否则,客户端会发送DHCP-DECLINE报文给DHCP服务器,通知DHCP服务器该地址不可用,并重新申请IP地址。
如果DHCP服务器收到DHCP-REQUEST报文后,没有找到相应的租约记录,或者由于某些原因无法正常分配IP地址,则发送DHCP-NAK报文作为应答,通知DHCP客户端无法分配合适IP地址。DHCP客户端需要重新发送DHCP-DISCOVER报文来请求新的IP地址。
 
 
sg